Since the advent of the Internet, private key encryption (e.g. SSL) and public key encryption (e.g. RSA, PGP) algorithms have been mainstay of the online data transfer. While the private key encrypted SSL tunneling is the universally deployed protocol for moving the data securely over the Internet, public key encryption protocols are generally deployed in online user authentication. The recent epidemic of phishing and its continuously evolving variants (such as keylogging, pharming, evil twin, and very recently reported sound snooping) has made all the existing encryption protocols inconsequential. The online fraudsters no more scan the data ports or decrypt an encryption to steel the data, they just steel the user ID and enter the secured network pretending as the authorized user. Hence, whether the website has secured SSL connection to the remote server, or it has a valid certificate from a certification authority has very little relevance to the modus operandi of the modern day fraudsters. The currently available means just cannot stop them. Phishing threats grew from an average of 2.99 million messages a day to 5.70 million between Jan. 1 and Jun. 30, 2005. Ten million victims of ID theft in US Businesses and financial institutions lost $48 billion, while consumer victims reported $5 billion in out-of-pocket expenses. Virtually every major bank has been hit with at least a handful of phishing attempts. Many banks are setting up response teams and codified procedures to deal with the problem. Phishing scams typically employ phony e-mail messages that purport to come from banks or popular Web sites such as eBay or PayPal. The messages try to lure recipients into entering account information and passwords into bogus forms hosted on malicious Web sites. Security experts have recently discovered a malicious program aimed at tricking users into clicking on phony search results on fake Google, Yahoo and MSN sites. People with infected machines who try to visit those popular search sites are redirected to spoof versions. No effective technology is currently available to stop this serious problem. The vastly infinite expanse of the Internet makes it virtually impossible to check authenticity of each and every one of the billions of pages available to the Internet user at the click of a mouse button. The problem is so serious and intractable in public perception that the experts in the industry as well as in academia believe a perfect cure is entirely a fallacy. The invention presented in this disclosure challenges that belief.
The instant invention improvises the operation of World Wide Web by establishing the authenticity of each page delivered to an Internet user. The current certification methods cannot stop spoofed pages from being delivered to an unsuspecting user. The invention not only authenticates the server to the client, but can be used to authenticate authorized client to the server. Therefore, the instant invention describes a novel method of instantly detecting and stopping a fraudulent Web page as soon as it is placed into circulation over the Internet by the fraudster. Accordingly, there is a need for a system described herein to overcome the limitations of the prior art. In the industrial practice the instant invention can be deployed as a novel certification tool. The current certification authorities provide nothing beyond enabling the SSL encryption, which afford absolutely no protection against the new ways that fraudsters steal the personal data.